New iOS Bug Exposes Your Contacts and Photos

Photo by Jason Cipriani

Update 1 p.m. ET: Apple has fixed this issue. Click here to learn more.

Apple’s iOS 9 users just can’t seem to catch a break.

Several bug-seekers have found a glitch in the way Apple’s (AAPL) virtual personal assistant Siri handles requests from its lock screen, allowing malicious hackers to access a person’s photos and contacts. The bug reportedly affects users running all versions of iOS 9.

According to several videos posted to YouTube and earlier spotted by Forbes, a malicious hacker could obtain a person’s contacts or photos by first asking Siri to search Twitter (TWTR). From there, the hypothetical hacker would ask Siri to look for email addresses by saying a query like, “” or “” Siri will then display tweets from Twitter Search. Once the would-be hacker finds a full email address, he or she needs only to use the 3D Touch feature built into the iPhone 6s or iPhone 6s Plus to access a person’s contacts and photos.

Get Data Sheet, Fortune’s technology newsletter.

The findings come after a rough couple of weeks for Apple. The iPhone maker, which launched an update to iOS 9 on March 21, has been hit with a rash of bugs and glitches that would either render devices useless if users tried to update to iOS 9.3 but didn’t know their Apple ID passwords or cause links to stop working altogether. While Apple has fixed the links issue in iOS 9.3.1, the latest glitch affects that version of the software as well.

That said, the problem isn’t solely an iOS 9.3.1 issue. In fact, a user who tested the latest flaw says that he was able to get it to work on devices running any version of iOS 9.

Apple has long suffered from issues with its lock screen. Indeed, over the last several years, users have found ways to access a wide range of content by bypassing what is supposed to be the firewall between user data and hackers. While Apple has patched those flaws and added additional security features to its lock screen, including six-digit passcodes and Touch ID, a biometric sensor that can be used to unlock the device, there are obviously still some problems.

For more about iOS 9.3, watch:

However, the latest flaw isn’t one that should affect too many people. For one, it requires that users have 3D Touch and only appears to affect iPhones, so anyone but iPhone 6s and iPhone 6s Plus users will not be hampered by the glitch. In addition, users must have Siri turned on; those who have turned off the virtual personal assistant cannot be affected by the potential hack. The security built into the iOS 9 also ensures no other data can be accessed due to the flaw.

Better yet, there’s a workaround: turn off Siri. While those with know-how could quite easily view contacts and photos, if Siri is turned off, the would-be hacker wouldn’t be able to query the assistant, rendering the hack powerless. So, if you’re really worried about someone looking into your photos or contacts, turning off Siri will get the job done.


Apple did not immediately respond to a request for comment on the latest iOS 9 flaw.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward